Threat Advisory | Palo Alto Networks Emergency Path Update

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.

Please review the note below and ensure the default action is taken.

New Vulnerability Signatures (6)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

Critical

37919

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37920

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37921

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37922

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37923

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37924

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Modified Vulnerability Signatures (5)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

Critical

37907

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37909

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37910

Adobe Flash Player Zero Day Exploit Landing Page

CVE-2015-5119

APSB15-16

reset-client

4.0.0

Critical

37911

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37912

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Critical

37912

Adobe Flash Player ByteArray Use After Free Vulnerability

CVE-2015-5119

APSB15-16

reset-both

4.0.0

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn

Subscribe to Herjavec Group News

Mailing List *

Threat Advisories

Information on Upcoming Events

Industry News & Thought Leadership

First Name *

Last Name *

Email *

*By selecting one of the communications above, you consent to Herjavec Group sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.